org.apache.cxf.rs.security.jose.jwk.JsonWebKeys Java Examples
The following examples show how to use
org.apache.cxf.rs.security.jose.jwk.JsonWebKeys.
Example #1
Source File: OIDCKeysServiceTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Calls the key service at {@code /services2/keys/} and checks that it publishes a single RSA
 * key that carries public parameters only.
 */
@org.junit.Test
public void testGetJWKRSAPublicKey() throws Exception {
    URL clientConfig = OIDCFlowTest.class.getResource("client.xml");
    String endpoint = "https://localhost:" + JCACHE_SERVER.getPort() + "/services2/";

    WebClient keysClient = WebClient.create(endpoint, OAuth2TestUtils.setupProviders(),
                                            "alice", "security", clientConfig.toString());
    keysClient.accept("application/json");
    keysClient.path("keys/");
    Response keysResponse = keysClient.get();

    JsonWebKeys published = keysResponse.readEntity(JsonWebKeys.class);
    assertEquals(1, published.getKeys().size());

    JsonWebKey rsaKey = published.getKeys().get(0);
    assertEquals(KeyType.RSA, rsaKey.getKeyType());
    assertEquals("2011-04-29", rsaKey.getKeyId());
    // "n" (modulus) and "e" (public exponent) are the public members of an RSA JWK.
    assertNotNull(rsaKey.getProperty("n"));
    assertNotNull(rsaKey.getProperty("e"));

    // A public keys endpoint must never return private key material.
    checkPrivateKeyParametersNotPresent(published);
}
Example #2
Source File: JwsJsonConsumerTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Verifies both signatures of a dual-signed JWS JSON document, each one against the key that
 * its own {@code kid} selects from the public key set.
 */
@Test
public void testVerifyDualSignedDocument() throws Exception {
    JwsJsonConsumer jwsConsumer = new JwsJsonConsumer(DUAL_SIGNED_DOCUMENT);
    JsonWebKeys publicKeys = readKeySet("jwkPublicJsonConsumerSet.txt");

    List<JwsJsonSignatureEntry> entries = jwsConsumer.getSignatureEntries();
    assertEquals(2, entries.size());

    // First signer: checked at entry level, so the result is bound to this signature only.
    JwsJsonSignatureEntry firstEntry = entries.get(0);
    String kidOne = firstEntry.getKeyId();
    assertEquals(KID_OF_THE_FIRST_SIGNER, kidOne);
    JsonWebKey keyOne = publicKeys.getKey(kidOne);
    assertNotNull(keyOne);
    assertTrue(firstEntry.verifySignatureWith(keyOne));

    // Second signer: same entry-level check with the second key.
    JwsJsonSignatureEntry secondEntry = entries.get(1);
    String kidTwo = secondEntry.getKeyId();
    assertEquals(KID_OF_THE_SECOND_SIGNER, kidTwo);
    JsonWebKey keyTwo = publicKeys.getKey(kidTwo);
    assertNotNull(keyTwo);
    assertTrue(secondEntry.verifySignatureWith(keyTwo));
}
Example #3
Source File: JwsJsonConsumerTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Verifies a dual-signed document with the first signer's verifier only and checks that the
 * second signature is reported as not validated.
 */
@Test
public void testVerifySingleEntryInDualSignedDocument() throws Exception {
    JwsJsonConsumer jwsConsumer = new JwsJsonConsumer(DUAL_SIGNED_DOCUMENT);
    JsonWebKeys publicKeys = readKeySet("jwkPublicJsonConsumerSet.txt");

    List<JwsJsonSignatureEntry> entries = jwsConsumer.getSignatureEntries();
    assertEquals(2, entries.size());

    // Only the first signer's key is looked up.
    String kidOne = entries.get(0).getKeyId();
    assertEquals(KID_OF_THE_FIRST_SIGNER, kidOne);
    JsonWebKey keyOne = publicKeys.getKey(kidOne);
    assertNotNull(keyOne);

    JwsSignatureVerifier firstVerifier = JwsUtils.getSignatureVerifier(keyOne);
    // The document-level check passes here although one signature has no matching verifier,
    // so a true result must not be read as "every signature validated".
    assertTrue(jwsConsumer.verifySignatureWith(firstVerifier));

    // verifyAndGetNonValidated reports what is still unverified.
    List<JwsJsonSignatureEntry> unverified =
        jwsConsumer.verifyAndGetNonValidated(Collections.singletonList(firstVerifier));
    assertEquals(1, unverified.size());
    assertEquals(KID_OF_THE_SECOND_SIGNER, unverified.get(0).getKeyId());
}
Example #4
Source File: JwsUtilsTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Loads alice's verification key from a JKS keystore with certificate inclusion switched on and
 * checks that the resulting JWK holds the public RSA parameters and a two-element X.509 chain.
 */
@Test
public void testLoadVerificationKeyWithCert() throws Exception {
    Properties storeProps = new Properties();
    storeProps.put(JoseConstants.RSSEC_KEY_STORE_FILE, "org/apache/cxf/rs/security/jose/jws/alice.jks");
    storeProps.put(JoseConstants.RSSEC_KEY_STORE_PSWD, "password");
    storeProps.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "alice");
    storeProps.put(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT, true);

    JsonWebKeys loaded = JwsUtils.loadPublicVerificationKeys(createMessage(), storeProps, true);
    assertEquals(1, loaded.asMap().size());

    List<JsonWebKey> rsaKeys = loaded.getRsaKeys();
    assertEquals(1, rsaKeys.size());

    JsonWebKey aliceKey = rsaKeys.get(0);
    assertEquals(KeyType.RSA, aliceKey.getKeyType());
    assertEquals("alice", aliceKey.getKeyId());
    assertNotNull(aliceKey.getKeyProperty(JsonWebKey.RSA_PUBLIC_EXP));
    assertNotNull(aliceKey.getKeyProperty(JsonWebKey.RSA_MODULUS));
    // A verification key set must not carry the private exponent.
    assertNull(aliceKey.getKeyProperty(JsonWebKey.RSA_PRIVATE_EXP));

    List<String> x509Chain = aliceKey.getX509Chain();
    assertNotNull(x509Chain);
    assertEquals(2, x509Chain.size());
}
Example #5
Source File: JwsUtilsTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Loads alice's verification key from a JKS keystore without certificate inclusion and checks
 * that the resulting JWK holds only the public RSA parameters and no X.509 chain.
 */
@Test
public void testLoadVerificationKey() throws Exception {
    Properties storeProps = new Properties();
    storeProps.put(JoseConstants.RSSEC_KEY_STORE_FILE, "org/apache/cxf/rs/security/jose/jws/alice.jks");
    storeProps.put(JoseConstants.RSSEC_KEY_STORE_PSWD, "password");
    storeProps.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, "alice");

    JsonWebKeys loaded = JwsUtils.loadPublicVerificationKeys(createMessage(), storeProps, true);
    assertEquals(1, loaded.asMap().size());

    List<JsonWebKey> rsaKeys = loaded.getRsaKeys();
    assertEquals(1, rsaKeys.size());

    JsonWebKey aliceKey = rsaKeys.get(0);
    assertEquals(KeyType.RSA, aliceKey.getKeyType());
    assertEquals("alice", aliceKey.getKeyId());
    assertNotNull(aliceKey.getKeyProperty(JsonWebKey.RSA_PUBLIC_EXP));
    assertNotNull(aliceKey.getKeyProperty(JsonWebKey.RSA_MODULUS));
    // A verification key set must not carry the private exponent.
    assertNull(aliceKey.getKeyProperty(JsonWebKey.RSA_PRIVATE_EXP));
    // No certificate was requested, so no chain is attached.
    assertNull(aliceKey.getX509Chain());
}
Example #6
Source File: ApacheCXFConsumer.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Decrypts every recipient block of a JWE JSON document with the key its {@code kid} selects
 * from {@code keys} and asserts that each block yields {@code plainText}.
 *
 * @param encryptedData JWE in JSON serialization
 * @param plainText     expected decrypted content
 * @param keys          key set the recipient keys are looked up in
 */
protected void consumeJsonJWE(String encryptedData, String plainText, JsonWebKeys keys) {
    // 1. Parse the JWE document.
    JweJsonConsumer jsonConsumer = new JweJsonConsumer(encryptedData);

    jsonConsumer.getRecipients().forEach(recipient -> {
        String keyId = Crypto.findKeyId(jsonConsumer, recipient);
        Assert.assertNotNull("Data does not contain kid header.", keyId);

        // 2. Resolve the key. The kid comes from the message itself, so the lookup against the
        //    caller-supplied key set is what restricts which keys may be used.
        JsonWebKey recipientKey = keys.getKey(keyId);
        Assert.assertNotNull("Data encrypted with unknown key", recipientKey);

        // 3. Decrypt. Both algorithms are also read from the message.
        // NOTE(review): only the content algorithm is null-checked here; the key algorithm is
        // passed on unchecked. Outside a test, compare both against an allow-list bound to the
        // key rather than accepting whatever the sender declared.
        KeyAlgorithm keyAlgorithm = Crypto.findKeyAlgorithm(jsonConsumer, recipient);
        ContentAlgorithm contentAlgorithm = Crypto.findContentAlgorithm(jsonConsumer, recipient);
        Assert.assertNotNull("Encrypted data does not define algorithm used", contentAlgorithm);

        JweDecryptionProvider decryptionProvider =
            getJweDecryptionProvider(recipientKey, keyAlgorithm, contentAlgorithm);
        JweDecryptionOutput decrypted = jsonConsumer.decryptWith(decryptionProvider, recipient);

        // 4. Compare with the expected plain text.
        String recovered = decrypted.getContentText();
        Assert.assertEquals(plainText, recovered);
    });
}
Example #7
Source File: OIDCKeysServiceTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Calls the key service at {@code /services6/keys/} and checks that it publishes two keys,
 * neither of which exposes private parameters.
 */
@org.junit.Test
public void testGetJWKMultipleKeys() throws Exception {
    URL clientConfig = OIDCFlowTest.class.getResource("client.xml");
    String endpoint = "https://localhost:" + JCACHE_SERVER.getPort() + "/services6/";

    WebClient keysClient = WebClient.create(endpoint, OAuth2TestUtils.setupProviders(),
                                            "alice", "security", clientConfig.toString());
    keysClient.accept("application/json");
    keysClient.path("keys/");
    Response keysResponse = keysClient.get();

    JsonWebKeys published = keysResponse.readEntity(JsonWebKeys.class);
    assertEquals(2, published.getKeys().size());

    // A public keys endpoint must never return private key material.
    checkPrivateKeyParametersNotPresent(published);
}
Example #8
Source File: OIDCKeysServiceTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Calls the key service at {@code /services5/keys/} and checks that one key is returned when
 * the service has been told to allow secret keys in its response.
 */
@org.junit.Test
public void testGetJWKHMACExplicitlyAllowed() throws Exception {
    URL clientConfig = OIDCFlowTest.class.getResource("client.xml");
    String endpoint = "https://localhost:" + JCACHE_SERVER.getPort() + "/services5/";

    WebClient keysClient = WebClient.create(endpoint, OAuth2TestUtils.setupProviders(),
                                            "alice", "security", clientConfig.toString());
    keysClient.accept("application/json");
    keysClient.path("keys/");
    Response keysResponse = keysClient.get();

    JsonWebKeys published = keysResponse.readEntity(JsonWebKeys.class);

    // Secret keys are sent back here only because the service was explicitly configured to
    // allow it (that configuration is not part of this snippet). A symmetric key doubles as
    // the signing key, so every client that can read this response can also forge signatures.
    assertEquals(1, published.getKeys().size());
}
Example #9
Source File: OIDCKeysServiceTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Calls the key service at {@code /services4/keys/} and checks that no keys come back when the
 * service holds a secret key and has not been told to publish it.
 */
@org.junit.Test
public void testGetJWKHMAC() throws Exception {
    URL clientConfig = OIDCFlowTest.class.getResource("client.xml");
    String endpoint = "https://localhost:" + JCACHE_SERVER.getPort() + "/services4/";

    WebClient keysClient = WebClient.create(endpoint, OAuth2TestUtils.setupProviders(),
                                            "alice", "security", clientConfig.toString());
    keysClient.accept("application/json");
    keysClient.path("keys/");
    Response keysResponse = keysClient.get();

    JsonWebKeys published = keysResponse.readEntity(JsonWebKeys.class);

    // Default behaviour: the key service withholds secret keys, so the key list is absent.
    assertNull(published.getKeys());
}
Example #10
Source File: OIDCKeysServiceTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Calls the key service at {@code /services3/keys/} and checks that it publishes a single EC
 * key that carries public parameters only.
 */
@org.junit.Test
public void testGetJWKECPublicKey() throws Exception {
    URL clientConfig = OIDCFlowTest.class.getResource("client.xml");
    String endpoint = "https://localhost:" + JCACHE_SERVER.getPort() + "/services3/";

    WebClient keysClient = WebClient.create(endpoint, OAuth2TestUtils.setupProviders(),
                                            "alice", "security", clientConfig.toString());
    keysClient.accept("application/json");
    keysClient.path("keys/");
    Response keysResponse = keysClient.get();

    JsonWebKeys published = keysResponse.readEntity(JsonWebKeys.class);
    assertEquals(1, published.getKeys().size());

    JsonWebKey ecKey = published.getKeys().get(0);
    assertEquals(KeyType.EC, ecKey.getKeyType());
    assertEquals("ECKey", ecKey.getKeyId());
    // "x" and "y" are the public point coordinates of an EC JWK.
    assertNotNull(ecKey.getProperty("x"));
    assertNotNull(ecKey.getProperty("y"));

    // A public keys endpoint must never return private key material.
    checkPrivateKeyParametersNotPresent(published);
}
Example #11
Source File: OIDCKeysServiceTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Calls the key service at {@code /services/keys/} and checks that it publishes a single RSA
 * key with key id "alice" that carries public parameters only.
 */
@org.junit.Test
public void testGetRSAPublicKey() throws Exception {
    URL clientConfig = OIDCFlowTest.class.getResource("client.xml");
    String endpoint = "https://localhost:" + JCACHE_SERVER.getPort() + "/services/";

    WebClient keysClient = WebClient.create(endpoint, OAuth2TestUtils.setupProviders(),
                                            "alice", "security", clientConfig.toString());
    keysClient.accept("application/json");
    keysClient.path("keys/");
    Response keysResponse = keysClient.get();

    JsonWebKeys published = keysResponse.readEntity(JsonWebKeys.class);
    assertEquals(1, published.getKeys().size());

    JsonWebKey rsaKey = published.getKeys().get(0);
    assertEquals(KeyType.RSA, rsaKey.getKeyType());
    assertEquals("alice", rsaKey.getKeyId());
    // "n" (modulus) and "e" (public exponent) are the public members of an RSA JWK.
    assertNotNull(rsaKey.getProperty("n"));
    assertNotNull(rsaKey.getProperty("e"));

    // A public keys endpoint must never return private key material.
    checkPrivateKeyParametersNotPresent(published);
}
Example #12
Source File: ApacheCXFConsumer.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Decrypts a compact-serialized JWE with the key its {@code kid} header selects from
 * {@code keys} and asserts that the result equals {@code plainText}.
 *
 * @param encryptedData JWE in compact serialization
 * @param plainText     expected decrypted content
 * @param keys          key set the decryption key is looked up in
 */
protected void consumeCompactJWE(String encryptedData, String plainText, JsonWebKeys keys) {
    // 1. Parse the token to learn the key id (not needed when the key is already known).
    JweCompactConsumer compactConsumer = new JweCompactConsumer(encryptedData);
    String keyId = compactConsumer.getJweHeaders().getKeyId();
    Assert.assertNotNull("Data does not contain kid header.", keyId);

    // 2. Resolve the key from the caller-supplied set.
    JsonWebKey decryptionKey = keys.getKey(keyId);
    Assert.assertNotNull("Data encrypted with unknown key", decryptionKey);

    // 3. Decrypt.
    // NOTE(review): both algorithms are taken from the token's own header without a null check
    // or an allow-list; outside a test, pin the algorithms expected for this key.
    JweDecryptionProvider decryptionProvider = getJweDecryptionProvider(
        decryptionKey,
        compactConsumer.getJweHeaders().getKeyEncryptionAlgorithm(),
        compactConsumer.getJweHeaders().getContentEncryptionAlgorithm());
    String recovered = decryptionProvider.decrypt(encryptedData).getContentText();

    // 4. Compare with the expected plain text.
    Assert.assertEquals(plainText, recovered);
}
Example #13
Source File: ApacheCXFConsumer.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Walks the signature entries of a JWS JSON document, resolves each entry's key by its
 * {@code kid}, verifies the document and asserts that the payload equals {@code plainText}.
 *
 * @param signedData JWS in JSON serialization
 * @param plainText  expected payload
 * @param keys       key set the verification keys are looked up in
 */
protected void consumeJsonJWS(String signedData, String plainText, JsonWebKeys keys) {
    // 1. Parse the signed document.
    JwsJsonConsumer jsonConsumer = new JwsJsonConsumer(signedData);

    jsonConsumer.getSignatureEntries().forEach(entry -> {
        String keyId = entry.getKeyId();
        Assert.assertNotNull("Signature does not contain kid.", keyId);

        // 2. Resolve the key from the caller-supplied set.
        JsonWebKey verificationKey = keys.getKey(keyId);
        Assert.assertNotNull("Data signed with unknown key", verificationKey);

        // 3. Verify.
        // NOTE(review): the algorithm is read from the signature's own headers. Outside a test,
        // compare it with the algorithm expected for this key instead of trusting the sender.
        SignatureAlgorithm declaredAlgorithm = entry.getUnionHeader().getSignatureAlgorithm();
        Assert.assertNotNull("Signed data does not define algorithm used", declaredAlgorithm);
        JwsSignatureVerifier verifier = JwsUtils.getSignatureVerifier(verificationKey, declaredAlgorithm);
        // NOTE(review): this is the document-level check, not entry.verifySignatureWith(...).
        // Confirm whether it passes as soon as any entry validates; if it does, the loop does
        // not prove that this particular signature is valid.
        Assert.assertTrue("Signature validation failed", jsonConsumer.verifySignatureWith(verifier));

        // 4. Compare the payload with the expected plain text.
        Assert.assertEquals(plainText, entry.getDecodedJwsPayload());
    });
}
Example #14
Source File: ApacheCXFConsumer.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Verifies a compact-serialized JWS with the key its {@code kid} header selects from
 * {@code keys} and asserts that the payload equals {@code plainText}.
 *
 * @param signedData JWS in compact serialization
 * @param plainText  expected payload
 * @param keys       key set the verification key is looked up in
 */
protected void consumeCompactJWS(String signedData, String plainText, JsonWebKeys keys) {
    // 1. Parse the token to learn the key id (not needed when the key is already known).
    JwsCompactConsumer compactConsumer = new JwsCompactConsumer(signedData);
    String keyId = compactConsumer.getJwsHeaders().getKeyId();
    Assert.assertNotNull("Data does not contain kid header.", keyId);

    // 2. Resolve the key from the caller-supplied set.
    JsonWebKey verificationKey = keys.getKey(keyId);
    Assert.assertNotNull("Data signed with unknown key", verificationKey);

    // 3. Verify.
    // NOTE(review): the algorithm is whatever the token header declares. Outside a test,
    // compare it with the algorithm expected for this key before building the verifier.
    SignatureAlgorithm declaredAlgorithm = compactConsumer.getJwsHeaders().getSignatureAlgorithm();
    Assert.assertNotNull("Signed data does not define algorithm used", declaredAlgorithm);
    JwsSignatureVerifier verifier = JwsUtils.getSignatureVerifier(verificationKey, declaredAlgorithm);
    Assert.assertTrue("Signature validation failed", compactConsumer.verifySignatureWith(verifier));

    // 4. Compare the payload with the expected plain text.
    Assert.assertEquals(plainText, compactConsumer.getDecodedJwsPayload());
}
Example #15
Source File: JwsUtils.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Builds the key set used to verify signatures, from either a JWK store or a keystore.
 *
 * <p>For a store of type {@code "jwk"} the signing keys are loaded as JWKs and, when
 * {@code stripPrivateParameters} is set, passed through
 * {@link JwkUtils#stripPrivateParameters}. With the flag unset, the loaded keys are returned
 * unchanged, so callers that publish the result should pass {@code true}.
 *
 * <p>For any other store type a single public key is loaded (from the first certificate when
 * certificate inclusion is enabled) and wrapped in a JWK marked for signature use;
 * {@code stripPrivateParameters} is not consulted on this path.
 *
 * @param m                      current message, handed to the key loading helpers
 * @param props                  key store configuration
 * @param stripPrivateParameters whether JWK-store keys are stripped of private parameters
 * @return the verification key set
 * @throws JoseException if a JWK store yields no keys
 */
public static JsonWebKeys loadPublicVerificationKeys(Message m, Properties props,
                                                     boolean stripPrivateParameters) {
    final boolean jwkStore = "jwk".equals(props.getProperty(JoseConstants.RSSEC_KEY_STORE_TYPE));
    if (jwkStore) {
        List<JsonWebKey> loaded = JwkUtils.loadJsonWebKeys(m, props, KeyOperation.SIGN, null);
        if (loaded == null || loaded.isEmpty()) {
            throw new JoseException("Error loading keys");
        }
        if (stripPrivateParameters) {
            return new JsonWebKeys(JwkUtils.stripPrivateParameters(loaded));
        }
        return new JsonWebKeys(loaded);
    }

    // Keystore path: optionally load the certificate (chain) so it can be attached to the JWK.
    X509Certificate[] chain = null;
    if (PropertyUtils.isTrue(props.get(JoseConstants.RSSEC_SIGNATURE_INCLUDE_CERT))) {
        chain = KeyManagementUtils.loadX509CertificateOrChain(m, props);
    }

    // Prefer the key of the first certificate; otherwise load the public key directly.
    PublicKey publicKey;
    if (chain != null && chain.length > 0) {
        publicKey = chain[0].getPublicKey();
    } else {
        publicKey = KeyManagementUtils.loadPublicKey(m, props);
    }

    JsonWebKey verificationJwk =
        JwkUtils.fromPublicKey(publicKey, props, JoseConstants.RSSEC_SIGNATURE_ALGORITHM);
    verificationJwk.setPublicKeyUse(PublicKeyUse.SIGN);
    if (chain != null) {
        verificationJwk.setX509Chain(KeyManagementUtils.encodeX509CertificateChain(chain));
    }
    return new JsonWebKeys(verificationJwk);
}
Example #16
Source File: ApacheCXFProducer.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Signs {@code plainText} with a key of the requested type taken from the given JWK set and
 * emits it in the requested serialization.
 *
 * @param keyType            key type to pick from the set
 * @param signatureAlgorithm algorithm name written to the JWS header
 * @param serialization      COMPACT, FLATTENED or JSON
 * @param plainText          payload to sign
 * @param jwksJson           JWK set as JSON text
 * @throws IllegalArgumentException if no key of that type exists or the serialization is not
 *                                  supported
 */
public void produceJWS(String keyType, String signatureAlgorithm, Serialization serialization,
                       String plainText, String jwksJson) {
    JsonWebKeys keySet = JwkUtils.readJwkSet(jwksJson);
    JsonWebKey signingKey =
        getRequestedKeyType(keyType, keySet).orElseThrow(IllegalArgumentException::new);

    // The header names the key and the algorithm so that a consumer can select its verifier.
    JwsHeaders headers = new JwsHeaders();
    headers.setKeyId(signingKey.getKeyId());
    headers.setAlgorithm(signatureAlgorithm);

    switch (serialization) {
    case COMPACT:
        produceCompactJWS(plainText, signingKey, headers);
        break;
    case FLATTENED:
        // Last argument selects the flattened JSON form.
        produceJsonJWS(plainText, signingKey, headers, true);
        break;
    case JSON:
        produceJsonJWS(plainText, signingKey, headers, false);
        break;
    default:
        throw new IllegalArgumentException("Serialization not supported: " + serialization);
    }
}
Example #17
Source File: ApacheCXFProducer.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Encrypts {@code plainText} with a key of the requested type taken from the given JWK set and
 * emits it in the requested serialization.
 *
 * @param keyType                    key type to pick from the set
 * @param keyEncryptionAlgorithm     key management algorithm name
 * @param contentEncryptionAlgorithm content encryption algorithm name
 * @param serialization              COMPACT, FLATTENED or JSON
 * @param plainText                  content to encrypt
 * @param jwksJson                   JWK set as JSON text
 * @throws IllegalArgumentException if no key of that type exists or the serialization is not
 *                                  supported
 */
public void produceJWE(String keyType, String keyEncryptionAlgorithm, String contentEncryptionAlgorithm,
                       Serialization serialization, String plainText, String jwksJson) {
    JsonWebKeys keySet = JwkUtils.readJwkSet(jwksJson);
    JsonWebKey encryptionKey =
        getRequestedKeyType(keyType, keySet).orElseThrow(IllegalArgumentException::new);

    switch (serialization) {
    case COMPACT: {
        // Compact form: the headers are assembled here and passed to the producer.
        JweHeaders compactHeaders = new JweHeaders();
        compactHeaders.setKeyId(encryptionKey.getKeyId());
        compactHeaders.setKeyEncryptionAlgorithm(KeyAlgorithm.getAlgorithm(keyEncryptionAlgorithm));
        compactHeaders.setContentEncryptionAlgorithm(
            ContentAlgorithm.getAlgorithm(contentEncryptionAlgorithm));
        produceCompactJWE(plainText, encryptionKey, compactHeaders);
        break;
    }
    case FLATTENED:
        // Last argument selects the flattened JSON form.
        produceJsonJWE(keyEncryptionAlgorithm, contentEncryptionAlgorithm, plainText, encryptionKey, true);
        break;
    case JSON:
        produceJsonJWE(keyEncryptionAlgorithm, contentEncryptionAlgorithm, plainText, encryptionKey, false);
        break;
    default:
        throw new IllegalArgumentException("Serialization not supported: " + serialization);
    }
}
Example #18
Source File: JwkJoseCookBookTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Checks that the private key set holds an EC key with 7 members followed by an RSA key with
 * 11 members, and runs the per-key validation on each.
 */
private void validatePrivateSet(JsonWebKeys jwks) throws Exception {
    List<JsonWebKey> privateKeys = jwks.getKeys();
    assertEquals(2, privateKeys.size());

    JsonWebKey ecPrivate = privateKeys.get(0);
    assertEquals(7, ecPrivate.asMap().size());
    validatePrivateEcKey(ecPrivate);

    JsonWebKey rsaPrivate = privateKeys.get(1);
    assertEquals(11, rsaPrivate.asMap().size());
    validatePrivateRsaKey(rsaPrivate);
}
Example #19
Source File: ApacheCXFConsumer.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Decrypts {@code encryptedData} with keys from the given JWK set and checks the result
 * against {@code plainText}.
 *
 * <p>The serialization is guessed from the first character: input starting with "{" is treated
 * as JSON serialization, anything else as compact.
 *
 * @param encryptedData JWE in JSON or compact serialization
 * @param plainText     expected decrypted content
 * @param jwks          JWK set as JSON text
 */
public void consumeJWE(String encryptedData, String plainText, String jwks) {
    JsonWebKeys keySet = JwkUtils.readJwkSet(jwks);
    boolean compactForm = !encryptedData.startsWith("{");
    if (compactForm) {
        consumeCompactJWE(encryptedData, plainText, keySet);
    } else {
        consumeJsonJWE(encryptedData, plainText, keySet);
    }
}
Example #20
Source File: ApacheCXFConsumer.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Verifies {@code signedData} with keys from the given JWK set and checks the payload against
 * {@code plainText}.
 *
 * <p>The serialization is guessed from the first character: input starting with "{" is treated
 * as JSON serialization, anything else as compact.
 *
 * @param signedData JWS in JSON or compact serialization
 * @param plainText  expected payload
 * @param jwks       JWK set as JSON text
 */
public void consumeJWS(String signedData, String plainText, String jwks) {
    JsonWebKeys keySet = JwkUtils.readJwkSet(jwks);
    boolean compactForm = !signedData.startsWith("{");
    if (compactForm) {
        consumeCompactJWS(signedData, plainText, keySet);
    } else {
        consumeJsonJWS(signedData, plainText, keySet);
    }
}
Example #21
Source File: JwkJoseCookBookTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Reads the cookbook public key set as a list and checks that it holds an EC key with 6 members
 * followed by an RSA key with 5 members.
 */
@Test
public void testPublicSetAsList() throws Exception {
    JsonWebKeys publicSet = readKeySet("cookbookPublicSet.txt");
    List<JsonWebKey> publicKeys = publicSet.getKeys();
    assertEquals(2, publicKeys.size());

    JsonWebKey ecPublic = publicKeys.get(0);
    assertEquals(6, ecPublic.asMap().size());
    validatePublicEcKey(ecPublic);

    JsonWebKey rsaPublic = publicKeys.get(1);
    assertEquals(5, rsaPublic.asMap().size());
    validatePublicRsaKey(rsaPublic);
}
Example #22
Source File: JwkJoseCookBookTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Reads the cookbook public key set grouped by key type and checks that it holds exactly one
 * RSA key (5 members) and one EC key (6 members).
 */
@Test
public void testPublicSetAsMap() throws Exception {
    JsonWebKeys publicSet = readKeySet("cookbookPublicSet.txt");
    Map<KeyType, List<JsonWebKey>> byType = publicSet.getKeyTypeMap();
    assertEquals(2, byType.size());

    List<JsonWebKey> rsaGroup = byType.get(KeyType.RSA);
    assertEquals(1, rsaGroup.size());
    assertEquals(5, rsaGroup.get(0).asMap().size());
    validatePublicRsaKey(rsaGroup.get(0));

    List<JsonWebKey> ecGroup = byType.get(KeyType.EC);
    assertEquals(1, ecGroup.size());
    assertEquals(6, ecGroup.get(0).asMap().size());
    validatePublicEcKey(ecGroup.get(0));
}
Example #23
Source File: KeySetRetriever.java From deprecated-security-advanced-modules with Apache License 2.0 | 5 votes |
/**
 * Downloads the JWK set from the configured JWKS URI and parses it.
 *
 * <p>The same timeout value is applied to connection request, connect and socket read. Any
 * status outside 2xx, an empty body or an I/O failure is reported as
 * {@link AuthenticatorUnavailableException}.
 *
 * <p>NOTE(review): the response body is streamed into the parser without a size limit, and
 * neither the URI scheme nor the TLS settings are checked here (the latter depend on
 * {@code createHttpClient}, which is not shown). The keys returned decide which tokens are
 * accepted, so confirm that both are constrained elsewhere.
 *
 * @return the parsed key set
 * @throws AuthenticatorUnavailableException if the key set cannot be retrieved
 */
public JsonWebKeys get() throws AuthenticatorUnavailableException {
    String uri = getJwksUri();

    try (CloseableHttpClient httpClient = createHttpClient(null)) {
        HttpGet request = new HttpGet(uri);
        request.setConfig(RequestConfig.custom()
                .setConnectionRequestTimeout(getRequestTimeoutMs())
                .setConnectTimeout(getRequestTimeoutMs())
                .setSocketTimeout(getRequestTimeoutMs())
                .build());

        try (CloseableHttpResponse response = httpClient.execute(request)) {
            StatusLine status = response.getStatusLine();
            boolean success = status.getStatusCode() >= 200 && status.getStatusCode() < 300;
            if (!success) {
                throw new AuthenticatorUnavailableException("Error while getting " + uri + ": " + status);
            }

            HttpEntity body = response.getEntity();
            if (body == null) {
                throw new AuthenticatorUnavailableException(
                        "Error while getting " + uri + ": Empty response entity");
            }

            return JwkUtils.readJwkSet(body.getContent());
        }
    } catch (IOException e) {
        throw new AuthenticatorUnavailableException("Error while getting " + uri + ": " + e, e);
    }
}
Example #24
Source File: JwkJoseCookBookTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Reads the cookbook secret key set as a list and checks that it holds a signing key followed
 * by an encryption key, each with 5 members.
 */
@Test
public void testSecretSetAsList() throws Exception {
    JsonWebKeys secretSet = readKeySet("cookbookSecretSet.txt");
    List<JsonWebKey> secretKeys = secretSet.getKeys();
    assertEquals(2, secretKeys.size());

    JsonWebKey signingSecret = secretKeys.get(0);
    assertEquals(5, signingSecret.asMap().size());
    validateSecretSignKey(signingSecret);

    JsonWebKey encryptionSecret = secretKeys.get(1);
    assertEquals(5, encryptionSecret.asMap().size());
    validateSecretEncKey(encryptionSecret);
}
Example #25
Source File: JwsJoseCookBookTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Signs the cookbook payload with RS256 in compact, general JSON and flattened JSON form,
 * compares each output with the expected cookbook value and verifies it with the public key.
 */
@Test
public void testRSAv15Signature() throws Exception {
    // --- Compact serialization ---
    JwsCompactProducer compactSigner = new JwsCompactProducer(PAYLOAD);
    compactSigner.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.RS256);
    compactSigner.getJwsHeaders().setKeyId(RSA_KID_VALUE);

    JsonMapObjectReaderWriter jsonWriter = new JsonMapObjectReaderWriter();
    assertEquals(jsonWriter.toJson(compactSigner.getJwsHeaders().asMap()),
                 RSA_V1_5_SIGNATURE_PROTECTED_HEADER_JSON);
    assertEquals(compactSigner.getUnsignedEncodedJws(),
                 RSA_V1_5_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD);

    // The RSA key is the second entry of the private set.
    JsonWebKeys privateSet = readKeySet("cookbookPrivateSet.txt");
    List<JsonWebKey> privateKeys = privateSet.getKeys();
    JsonWebKey rsaPrivate = privateKeys.get(1);
    compactSigner.signWith(rsaPrivate);
    assertEquals(compactSigner.getSignedEncodedJws(),
                 RSA_V1_5_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD + "."
                 + RSA_V1_5_SIGNATURE_VALUE);

    // Verification uses the public set and names the algorithm explicitly.
    JwsCompactConsumer compactVerifier = new JwsCompactConsumer(compactSigner.getSignedEncodedJws());
    JsonWebKeys publicSet = readKeySet("cookbookPublicSet.txt");
    List<JsonWebKey> publicKeyList = publicSet.getKeys();
    JsonWebKey rsaPublic = publicKeyList.get(1);
    assertTrue(compactVerifier.verifySignatureWith(rsaPublic, SignatureAlgorithm.RS256));

    // --- General JSON serialization ---
    JwsJsonProducer jsonSigner = new JwsJsonProducer(PAYLOAD);
    assertEquals(jsonSigner.getPlainPayload(), PAYLOAD);
    assertEquals(jsonSigner.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);

    JwsHeaders protectedHeaders = new JwsHeaders();
    protectedHeaders.setSignatureAlgorithm(SignatureAlgorithm.RS256);
    protectedHeaders.setKeyId(RSA_KID_VALUE);
    jsonSigner.signWith(JwsUtils.getSignatureProvider(rsaPrivate, SignatureAlgorithm.RS256),
                        protectedHeaders);
    assertEquals(jsonSigner.getJwsJsonSignedDocument(), RSA_V1_5_JSON_GENERAL_SERIALIZATION);

    JwsJsonConsumer jsonVerifier = new JwsJsonConsumer(jsonSigner.getJwsJsonSignedDocument());
    assertTrue(jsonVerifier.verifySignatureWith(rsaPublic, SignatureAlgorithm.RS256));

    // --- Flattened JSON serialization ---
    jsonSigner = new JwsJsonProducer(PAYLOAD, true);
    jsonSigner.signWith(JwsUtils.getSignatureProvider(rsaPrivate, SignatureAlgorithm.RS256),
                        protectedHeaders);
    assertEquals(jsonSigner.getJwsJsonSignedDocument(), RSA_V1_5_JSON_FLATTENED_SERIALIZATION);

    jsonVerifier = new JwsJsonConsumer(jsonSigner.getJwsJsonSignedDocument());
    assertTrue(jsonVerifier.verifySignatureWith(rsaPublic, SignatureAlgorithm.RS256));
}
Example #26
Source File: JwsJoseCookBookTest.java From cxf with Apache License 2.0 | 5 votes |
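/**
 * Signs the cookbook payload with ES512 using the EC private key and verifies the compact JWS
 * with the matching public key.
 *
 * <p>BouncyCastle is registered when the algorithm probe fails, and removed afterwards only if
 * this test was the one that registered it, so a provider installed by the environment is left
 * in place.
 */
@Test
public void testECDSASignature() throws Exception {
    boolean bouncyCastleAddedHere = false;
    try {
        // NOTE(review): the constant's name suggests a signature algorithm, yet it is probed
        // through Cipher; if so the probe always fails and BouncyCastle is always registered.
        // Confirm and consider probing with java.security.Signature instead.
        Cipher.getInstance(AlgorithmUtils.ES_SHA_512_JAVA);
    } catch (Throwable t) {
        // addProvider returns -1 when the provider is already installed.
        bouncyCastleAddedHere = Security.addProvider(new BouncyCastleProvider()) != -1;
    }
    try {
        JwsCompactProducer compactProducer = new JwsCompactProducer(PAYLOAD);
        compactProducer.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.ES512);
        compactProducer.getJwsHeaders().setKeyId(ECDSA_KID_VALUE);

        JsonMapObjectReaderWriter reader = new JsonMapObjectReaderWriter();
        assertEquals(reader.toJson(compactProducer.getJwsHeaders().asMap()),
                     ECDSA_SIGNATURE_PROTECTED_HEADER_JSON);
        assertEquals(compactProducer.getUnsignedEncodedJws(),
                     ECSDA_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD);

        // The EC key is the first entry of the private set.
        JsonWebKeys jwks = readKeySet("cookbookPrivateSet.txt");
        List<JsonWebKey> keys = jwks.getKeys();
        JsonWebKey ecKey = keys.get(0);
        compactProducer.signWith(new EcDsaJwsSignatureProvider(JwkUtils.toECPrivateKey(ecKey),
                                                               SignatureAlgorithm.ES512));
        assertEquals(compactProducer.getUnsignedEncodedJws(),
                     ECSDA_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD);
        // Only the signature length is asserted, not its value.
        assertEquals(132, Base64UrlUtility.decode(compactProducer.getEncodedSignature()).length);

        JwsCompactConsumer compactConsumer = new JwsCompactConsumer(compactProducer.getSignedEncodedJws());
        JsonWebKeys publicJwks = readKeySet("cookbookPublicSet.txt");
        List<JsonWebKey> publicKeys = publicJwks.getKeys();
        JsonWebKey ecPublicKey = publicKeys.get(0);
        assertTrue(compactConsumer.verifySignatureWith(ecPublicKey, SignatureAlgorithm.ES512));
    } finally {
        // Undo only our own registration; removing a JVM-wide provider that something else
        // installed would change crypto behaviour for the rest of the test run.
        if (bouncyCastleAddedHere) {
            Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        }
    }
}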
Example #27
Source File: JwsJoseCookBookTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Signs the cookbook payload with HS256 in compact, general JSON and flattened JSON form,
 * compares each output with the expected cookbook value and verifies it with the same secret.
 */
@Test
public void testHMACSignature() throws Exception {
    // --- Compact serialization ---
    JwsCompactProducer compactSigner = new JwsCompactProducer(PAYLOAD);
    compactSigner.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.HS256);
    compactSigner.getJwsHeaders().setKeyId(HMAC_KID_VALUE);

    JsonMapObjectReaderWriter jsonWriter = new JsonMapObjectReaderWriter();
    assertEquals(jsonWriter.toJson(compactSigner.getJwsHeaders().asMap()),
                 HMAC_SIGNATURE_PROTECTED_HEADER_JSON);
    assertEquals(compactSigner.getUnsignedEncodedJws(),
                 HMAC_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD);

    // The signing secret is the first entry of the secret set; it also verifies.
    JsonWebKeys secretSet = readKeySet("cookbookSecretSet.txt");
    List<JsonWebKey> secretKeys = secretSet.getKeys();
    JsonWebKey hmacKey = secretKeys.get(0);
    compactSigner.signWith(hmacKey);
    assertEquals(compactSigner.getSignedEncodedJws(),
                 HMAC_SIGNATURE_PROTECTED_HEADER + "." + ENCODED_PAYLOAD + "."
                 + HMAC_SIGNATURE_VALUE);

    JwsCompactConsumer compactVerifier = new JwsCompactConsumer(compactSigner.getSignedEncodedJws());
    assertTrue(compactVerifier.verifySignatureWith(hmacKey, SignatureAlgorithm.HS256));

    // --- General JSON serialization ---
    JwsJsonProducer jsonSigner = new JwsJsonProducer(PAYLOAD);
    assertEquals(jsonSigner.getPlainPayload(), PAYLOAD);
    assertEquals(jsonSigner.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);

    JwsHeaders protectedHeaders = new JwsHeaders();
    protectedHeaders.setSignatureAlgorithm(SignatureAlgorithm.HS256);
    protectedHeaders.setKeyId(HMAC_KID_VALUE);
    jsonSigner.signWith(JwsUtils.getSignatureProvider(hmacKey, SignatureAlgorithm.HS256),
                        protectedHeaders);
    assertEquals(jsonSigner.getJwsJsonSignedDocument(), HMAC_JSON_GENERAL_SERIALIZATION);

    JwsJsonConsumer jsonVerifier = new JwsJsonConsumer(jsonSigner.getJwsJsonSignedDocument());
    assertTrue(jsonVerifier.verifySignatureWith(hmacKey, SignatureAlgorithm.HS256));

    // --- Flattened JSON serialization ---
    jsonSigner = new JwsJsonProducer(PAYLOAD, true);
    jsonSigner.signWith(JwsUtils.getSignatureProvider(hmacKey, SignatureAlgorithm.HS256),
                        protectedHeaders);
    assertEquals(jsonSigner.getJwsJsonSignedDocument(), HMAC_JSON_FLATTENED_SERIALIZATION);

    jsonVerifier = new JwsJsonConsumer(jsonSigner.getJwsJsonSignedDocument());
    assertTrue(jsonVerifier.verifySignatureWith(hmacKey, SignatureAlgorithm.HS256));
}
Example #28
Source File: JwsJoseCookBookTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Signs the cookbook payload with HS256 as a detached JWS (payload left out of the serialized
 * form) in compact, general JSON and flattened JSON form, and verifies each by handing the
 * encoded payload to the consumer separately.
 */
@SuppressWarnings("deprecation")
@Test
public void testDetachedHMACSignature() throws Exception {
    // --- Compact serialization, detached ---
    JwsCompactProducer compactSigner = new JwsCompactProducer(PAYLOAD, true);
    compactSigner.getJwsHeaders().setSignatureAlgorithm(SignatureAlgorithm.HS256);
    compactSigner.getJwsHeaders().setKeyId(HMAC_KID_VALUE);

    JsonMapObjectReaderWriter jsonWriter = new JsonMapObjectReaderWriter();
    assertEquals(jsonWriter.toJson(compactSigner.getJwsHeaders().asMap()),
                 HMAC_SIGNATURE_PROTECTED_HEADER_JSON);
    // The payload segment is empty in the unsigned form.
    assertEquals(compactSigner.getUnsignedEncodedJws(),
                 HMAC_SIGNATURE_PROTECTED_HEADER + ".");

    JsonWebKeys secretSet = readKeySet("cookbookSecretSet.txt");
    List<JsonWebKey> secretKeys = secretSet.getKeys();
    JsonWebKey hmacKey = secretKeys.get(0);
    compactSigner.signWith(hmacKey);
    assertEquals(compactSigner.getSignedEncodedJws(), DETACHED_HMAC_JWS);

    // The verifier receives the payload out of band.
    JwsCompactConsumer compactVerifier =
        new JwsCompactConsumer(compactSigner.getSignedEncodedJws(), ENCODED_PAYLOAD);
    assertTrue(compactVerifier.verifySignatureWith(hmacKey, SignatureAlgorithm.HS256));

    // --- General JSON serialization, detached ---
    JwsJsonProducer jsonSigner = new JwsJsonProducer(PAYLOAD);
    assertEquals(jsonSigner.getPlainPayload(), PAYLOAD);
    assertEquals(jsonSigner.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);

    JwsHeaders protectedHeaders = new JwsHeaders();
    protectedHeaders.setSignatureAlgorithm(SignatureAlgorithm.HS256);
    protectedHeaders.setKeyId(HMAC_KID_VALUE);
    jsonSigner.signWith(JwsUtils.getSignatureProvider(hmacKey, SignatureAlgorithm.HS256),
                        protectedHeaders);
    assertEquals(jsonSigner.getJwsJsonSignedDocument(true),
                 HMAC_DETACHED_JSON_GENERAL_SERIALIZATION);

    JwsJsonConsumer jsonVerifier =
        new JwsJsonConsumer(jsonSigner.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD);
    assertTrue(jsonVerifier.verifySignatureWith(hmacKey, SignatureAlgorithm.HS256));

    // --- Flattened JSON serialization, detached ---
    jsonSigner = new JwsJsonProducer(PAYLOAD, true);
    jsonSigner.signWith(JwsUtils.getSignatureProvider(hmacKey, SignatureAlgorithm.HS256),
                        protectedHeaders);
    assertEquals(jsonSigner.getJwsJsonSignedDocument(true),
                 HMAC_DETACHED_JSON_FLATTENED_SERIALIZATION);

    jsonVerifier = new JwsJsonConsumer(jsonSigner.getJwsJsonSignedDocument(true), ENCODED_PAYLOAD);
    assertTrue(jsonVerifier.verifySignatureWith(hmacKey, SignatureAlgorithm.HS256));
}
Example #29
Source File: JwsJoseCookBookTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Produces detached HS256 signatures through the three-argument {@code JwsJsonProducer}
 * constructor, in general and flattened JSON form, and verifies each by handing the encoded
 * payload to the consumer separately.
 */
@Test
public void testDetachedHMACSignature2() throws Exception {
    JsonWebKeys secretSet = readKeySet("cookbookSecretSet.txt");
    List<JsonWebKey> secretKeys = secretSet.getKeys();
    JsonWebKey hmacKey = secretKeys.get(0);

    // --- General JSON serialization, detached ---
    JwsJsonProducer jsonSigner = new JwsJsonProducer(PAYLOAD, false, true);
    assertEquals(jsonSigner.getPlainPayload(), PAYLOAD);
    assertEquals(jsonSigner.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);

    JwsHeaders protectedHeaders = new JwsHeaders();
    protectedHeaders.setSignatureAlgorithm(SignatureAlgorithm.HS256);
    protectedHeaders.setKeyId(HMAC_KID_VALUE);

    String generalDocument = jsonSigner.signWith(
        JwsUtils.getSignatureProvider(hmacKey, SignatureAlgorithm.HS256), protectedHeaders);
    assertEquals(generalDocument, HMAC_DETACHED_JSON_GENERAL_SERIALIZATION);

    // The verifier receives the payload out of band.
    JwsJsonConsumer jsonVerifier =
        new JwsJsonConsumer(jsonSigner.getJwsJsonSignedDocument(), ENCODED_PAYLOAD);
    assertTrue(jsonVerifier.verifySignatureWith(hmacKey, SignatureAlgorithm.HS256));

    // --- Flattened JSON serialization, detached ---
    jsonSigner = new JwsJsonProducer(PAYLOAD, true, true);
    String flattenedDocument = jsonSigner.signWith(
        JwsUtils.getSignatureProvider(hmacKey, SignatureAlgorithm.HS256), protectedHeaders);
    assertEquals(flattenedDocument, HMAC_DETACHED_JSON_FLATTENED_SERIALIZATION);

    jsonVerifier = new JwsJsonConsumer(flattenedDocument, ENCODED_PAYLOAD);
    assertTrue(jsonVerifier.verifySignatureWith(hmacKey, SignatureAlgorithm.HS256));
}
Example #30
Source File: JwsJoseCookBookTest.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Signs the cookbook payload with HS256 while keeping only the algorithm in the protected
 * header and the key id in the unprotected header, in general and flattened JSON form.
 *
 * <p>The unprotected header is not covered by the signature, so the {@code kid} carried there
 * can be altered in transit without invalidating it; verification here names the key and
 * algorithm explicitly instead of relying on that value.
 */
@Test
public void testProtectingSpecificHeaderFieldsSignature() throws Exception {
    // --- General JSON serialization ---
    JwsJsonProducer jsonSigner = new JwsJsonProducer(PAYLOAD);
    assertEquals(jsonSigner.getPlainPayload(), PAYLOAD);
    assertEquals(jsonSigner.getUnsignedEncodedPayload(), ENCODED_PAYLOAD);

    JwsHeaders signedHeaders = new JwsHeaders();
    signedHeaders.setSignatureAlgorithm(SignatureAlgorithm.HS256);
    JwsHeaders unsignedHeaders = new JwsHeaders();
    unsignedHeaders.setKeyId(HMAC_KID_VALUE);

    JsonWebKeys secretSet = readKeySet("cookbookSecretSet.txt");
    List<JsonWebKey> secretKeys = secretSet.getKeys();
    JsonWebKey hmacKey = secretKeys.get(0);

    jsonSigner.signWith(JwsUtils.getSignatureProvider(hmacKey, SignatureAlgorithm.HS256),
                        signedHeaders, unsignedHeaders);
    assertEquals(jsonSigner.getJwsJsonSignedDocument(),
                 PROTECTING_SPECIFIC_HEADER_FIELDS_JSON_GENERAL_SERIALIZATION);

    JwsJsonConsumer jsonVerifier = new JwsJsonConsumer(jsonSigner.getJwsJsonSignedDocument());
    assertTrue(jsonVerifier.verifySignatureWith(hmacKey, SignatureAlgorithm.HS256));

    // --- Flattened JSON serialization ---
    jsonSigner = new JwsJsonProducer(PAYLOAD, true);
    jsonSigner.signWith(JwsUtils.getSignatureProvider(hmacKey, SignatureAlgorithm.HS256),
                        signedHeaders, unsignedHeaders);
    assertEquals(jsonSigner.getJwsJsonSignedDocument(),
                 PROTECTING_SPECIFIC_HEADER_FIELDS_JSON_FLATTENED_SERIALIZATION);

    jsonVerifier = new JwsJsonConsumer(jsonSigner.getJwsJsonSignedDocument());
    assertTrue(jsonVerifier.verifySignatureWith(hmacKey, SignatureAlgorithm.HS256));
}